oss-sec mailing list archives

Re: CVE request: Linux kernel: nfs: information leakage


From: cve-assign () mitre org
Date: Thu, 20 Feb 2014 12:42:02 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is definitely a problem that can have a CVE ID; use
CVE-2014-2038.

However, is "A user/program could use this flaw to leak kernel memory
bytes" the only impact? In

  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=263b4509ec4d47e0da3e753f85a39ea12d1eff24

is there also an opportunity for Client B to conduct a DoS attack
against Client A (i.e., causing Client A's data to be completely lost)
if the NFSv4 ACL on /mnt/file gives Client B APPEND_DATA access but
not WRITE_DATA access?

Our understanding is that you mean the "extra" bytes printed by the
cat command, i.e.,

   0 \357 \277 \275 D 0 \357 \277 \275

are the leaked kernel memory bytes.

Unless someone has an alternative interpretation, this would most
likely be covered by a single CVE (i.e., "does not always verify that
the cached page is up-to-date" is the root cause; information
disclosure and a possible DoS are the impacts).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTBj2PAAoJEKllVAevmvms+f4H/iv05BaZSO4Uekg29J+rocqd
cG3tjUVOa9/3+9AMJooAtY8kUIDqrZ55q7WvuQPsMli6gE1ibGKGBTMVAyXtIj57
lI9PQBPOx8i6b31Mfxo/Gb+TbsXOQzAgMTs3OKtuYeUUrY6wt0tVikMpYHrr7/J2
LvMAZP6ZmG5aTYkvFJamnkmyH+U0rjk2arhZz4YOWFPuTPPFhqrMX/wivulDoDqT
MZDPLK7lo7QJuSXCxtsA8xYOSBIB9HPY11E5M11qFErG7CZhgPINxg/KG4HQmjLO
4p1Tvnz37pjLvD3XkHPXTVRCMFROST/uwoH/L9lOctsr3+Dt8OT62MZ/yp2/p88=
=NFAO
-----END PGP SIGNATURE-----
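The root cause named in the message, a write path that treats a cached page as a full page without first confirming the page is up-to-date, can be made concrete with a toy model. The C program below is an added example: it is not kernel code, not the patch linked in the message, and not part of the mail itself. The 16-byte page, the 0xEF marker standing in for leftover kernel memory, the two-client scenario and every function name are invented for illustration.

```c
/* Added illustration, not kernel code: a toy model of the page-cache pattern
 * named in the message above ("does not always verify that the cached page is
 * up-to-date"). A client caches one page of a file; a write that ends at the
 * page boundary is extended to cover the whole page so the client can skip a
 * read-modify-write round trip to the server. If that is done on a page that
 * is not up-to-date, the untouched part of the page is whatever the buffer
 * held before, and the whole page is then flushed to the server.
 * Sizes, markers and names are constructed for the example. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define PAGE_SIZE 16   /* tiny page for readable output; real pages are 4096 bytes */
#define STALE 0xEF     /* constructed marker standing in for leftover kernel memory */

typedef struct { unsigned char data[PAGE_SIZE]; } server_file;   /* server's copy */

typedef struct {
    unsigned char data[PAGE_SIZE];
    bool uptodate;   /* true once data[] is known to match the server */
} cached_page;

/* Hand out a page buffer that still carries contents from its previous use. */
static void alloc_page(cached_page *pg) {
    memset(pg->data, STALE, PAGE_SIZE);
    pg->uptodate = false;
}

static void read_from_server(cached_page *pg, const server_file *srv) {
    memcpy(pg->data, srv->data, PAGE_SIZE);
    pg->uptodate = true;
}

/* Client writes buf[0..len) at offset off into its cached page, then flushes.
 * verify=false models the flaw: a write reaching the end of the page is treated
 * as a full-page write without checking that the page is up-to-date. */
static void client_write(cached_page *pg, server_file *srv, size_t off,
                         const unsigned char *buf, size_t len, bool verify) {
    bool reaches_page_end = (off + len == PAGE_SIZE);
    if (!pg->uptodate && (verify || !reaches_page_end))
        read_from_server(pg, srv);           /* read-modify-write: fetch first */
    /* otherwise: fast path, page contents left exactly as allocated */
    memcpy(pg->data + off, buf, len);
    pg->uptodate = true;                     /* client now trusts the page */
    memcpy(srv->data, pg->data, PAGE_SIZE);  /* flush the WHOLE page back */
}

/* Scenario from the message: Client A's data is on the server; Client B, holding
 * a freshly allocated (not up-to-date) page, writes 4 bytes at the end of it.
 * Copies the server's page after B's flush into out and returns how many of
 * Client A's bytes survived. */
static int run_scenario(bool verify, unsigned char out[PAGE_SIZE]) {
    const size_t a_len = PAGE_SIZE - 4;
    server_file srv;
    memset(srv.data, 'A', a_len);          /* Client A's data */
    memset(srv.data + a_len, 0, 4);        /* room at the end that B writes into */

    cached_page pg;
    alloc_page(&pg);                       /* Client B has not read the file yet */
    client_write(&pg, &srv, a_len, (const unsigned char *)"BBBB", 4, verify);

    memcpy(out, srv.data, PAGE_SIZE);
    int survived = 0;
    for (size_t i = 0; i < a_len; i++)
        if (srv.data[i] == 'A') survived++;
    return survived;
}

/* Bytes of the server's page that carry the stale marker, i.e. bytes that never
 * came from any client's write: what anyone reading the file now sees. */
static int stale_bytes(const unsigned char page[PAGE_SIZE]) {
    int n = 0;
    for (size_t i = 0; i < PAGE_SIZE; i++)
        if (page[i] == STALE) n++;
    return n;
}

/* Convenience wrappers: A's surviving bytes / stale bytes exposed, per mode. */
static int survivors(bool verify) { unsigned char p[PAGE_SIZE]; return run_scenario(verify, p); }
static int exposed(bool verify) { unsigned char p[PAGE_SIZE]; run_scenario(verify, p); return stale_bytes(p); }

static void dump(const char *label, const unsigned char page[PAGE_SIZE]) {
    printf("%-24s", label);
    for (size_t i = 0; i < PAGE_SIZE; i++) printf(" %02x", page[i]);
    printf("\n");
}

int main(void) {
    unsigned char page[PAGE_SIZE];
    int kept = run_scenario(false, page);
    dump("without uptodate check:", page);
    printf("  A's bytes kept: %d, stale bytes exposed: %d\n", kept, stale_bytes(page));
    kept = run_scenario(true, page);
    dump("with uptodate check:", page);
    printf("  A's bytes kept: %d, stale bytes exposed: %d\n", kept, stale_bytes(page));
    return 0;
}
```

Build with something like "cc -std=c99 -Wall stale_page.c && ./a.out" (the file name is assumed). The first run models the flaw: the 12 bytes Client A wrote are replaced on the server by the stale marker, so a later reader sees bytes that came from nobody's write (the information disclosure) and Client A's data is gone (the data-loss impact the message asks about). The second run, with the up-to-date check, fetches the page first and preserves A's bytes alongside B's.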